Disruptive Thinking

Traditional ways of doing business have changed. Or, to be rather brutally accurate, they have been disrupted.

Our world has been transformed with mobile, cloud, social, data, security, connected devices, to a technological paradigm that could not have been imagined prior to the introduction of the PC, which is not that many years ago.

The way we do things and the devices we use to get things done basically just got faster and smarter at Moore’s law speed. Powered by cloud computing and mobile broadband and fuelled by the individual’s desire to be online all the time, the impact on the world of work and commerce has been profound. What this means for enterprises is that it’s time to think differently; doing business in the digital age means dealing with digital customers, and this can mean a need to dramatically reshape the organisation’s operating model.

Changing technologies, changing philosophies

One of the most significant changes to enterprise IT procurement today has been the shift of the cost model. Organisations have gone from the traditional method of paying up front for technological tools, the CAPEX route, to the more agile, cost-effective OPEX model. This change in philosophy has been powered by pay-as-you-use technology services and is at the heart of how enterprises have to adapt and reinvent themselves.

The benefits that this brings to businesses are many. There is the immediate cost saving inherent to not having to pay set-up fees and to not actually having to buy the full technology kit in the first place. The on-demand usage model also lets companies operate in more flexible and agile ways, creating work/life balance advantages for their employees and enabling better interaction with customers.

When your customers are digitally savvy end-users themselves, they naturally expect the companies they buy from to be similarly engaged. That’s why progressive companies are now using social media tools to deliver customer service, or enhancing their overall value proposition with dedicated smartphone apps.

Fundamentally, enterprises now need to work smarter. Those companies that want to thrive and enjoy competitive advantage over rivals are those that embrace technology, harness its power and use it to improve their product and service offering.

The shift from digital enablement to digital dependency

Technology and in particular mobile devices and mobile Internet connectivity have become life essentials – to the point where some countries have even gone as far as making broadband an actual human right. So much of what we now do as individuals requires technology to make it happen and that we’ve become dependent on it.

Broadband is now faster than ever and pretty much ubiquitous, while cloud computing and the proliferation of smartphones and tablets has been extraordinary and pervasive. Wearable technology is set to go mainstream and the Internet of Things will see more connected devices in place around the planet than we can currently envisage.

Enterprises have no choice but to reinvent and change the ways in which they work and interact with customers. At operational level they need to change their structure and their value proposition needs to evolve.

The more demanding customer

There is a cyclical element to the changes the digital era has brought us; because technology has enabled organisations to work in whole new ways, customer expectation levels have risen. The smartphone connected customer is used to great service, direct to their mobile device wherever they are, so the enterprise is under increasing pressure to keep meeting and exceeding these expectations. It’s a whole new paradigm of customer expectation.

To take this a little further, the next batch of customers currently working their way through university are all Echo Boomers, or Generation Y. They are the most technologically advanced and expectant generation of individuals we’ve ever produced, and they literally do not know or remember a world without broadband, mobile devices, laptops and always-on connectivity. So enterprises need to plan ahead – customer expectation of your digital capabilities is only going to keep on rising.

But remember to keep the back door locked

All this increased mobility and device usage does of course carry a threat with it. While organisations can benefit hugely from reinventing themselves and carrying a digital offering, they must be mindful of the security challenges. Hackers and cyber criminals have also continued to evolve, so risks do remain and have multiplied.

Enterprise mobility management, a strong firewall on your network, in-depth mobile policy within the organisation and even secure corporate app stores are all ways that enterprises can enjoy the benefits of digital while minimising security risks.

Disruptive thinking

With so many technological advances, disruptive thinking is key to an enterprise reaping the benefits quickly. Organisations need to disrupt themselves before they are disrupted, they need to embrace new technologies and adapt them to their organisation’s operations as this is the only way ahead.

Companies that move first will enjoy greater success over the coming decade. Enterprises that delay and continue to operate in time-honoured, traditional ways, will find themselves losing customers, market share and ultimately profitability.

By embracing the digital era and reinventing themselves as a digital enterprise, organisations can truly thrive. Technology used to be a support function within a company, today it is an absolutely essential element of a business strategy. By utilising digital tools to integrate customer service channels, companies can deliver far better customer service and keep customers coming back. Giving your customers more added value with smartphone apps tailored to their needs, will see your customer satisfaction levels increase.

These are some of the ways to forge ahead in the age of the digital economy. Disruptive thinking needs to also be applied to cyber security and protection from unwanted cyber penetrations of your systems, data and sensitive intellectual property.

A simple and effective start, on the security front, is to have professional penetration testing conducted on your organisations systems before someone else does.

The journey into the cloud – making the right choices

The cloud is now, quite literally, everywhere. IT end-users interact with the cloud on a daily basis, organizations are engaged in cloud services at all times, and the cloud powers much of the way business operates today. The business benefits of cloud computing are now well-established and acknowledged, yet 37% of IT decision makers think staff have bought cloud services outside of the IT department without permission – meaning not everyone has thought the process through as well as they probably should have.

The cloud journey has now become a strategic imperative and no longer just a tactical IT choice – greater flexibility, improved productivity, increased collaboration, remote working and greatly reduced CAPEX can all be found through a smart cloud policy. But as with any strategic business initiative, making the right choices of suppliers, partners and relationships is the route to these dividends. And put simply, the cloud has gone mainstream.

So how do you ensure that you get these choices right and maximize the benefits of cloud computing to your organization while minimizing risk? Well, in all honesty, it genuinely depends on where you are starting from.

The greenfield approach

Companies and organizations which are taking a “greenfield approach” to cloud computing face a different set of challenges. Coming from this angle, the most beneficial way forward can be the lease and configure model. Instead of having to go on out and buy expensive hardware, and then also manage it, organizations are finding value in the managed services route. The main advantage here to “greenfield companies” is that they can simply pay a leasing fee and have their cloud solution specified and configured precisely to meet their needs.

What this means is that start-up companies or start-up divisions can operate independently and go straight into the cloud. They don’t need to set anything up, whether that is databases or ERP tools, and they are freeing themselves from risk and also responsibility. They enjoy all the benefits of the “greenfield approach”, under which they can test out new initiatives and processes, while just paying a fee for their expert partner to service their storage, virtual machines and applications in the cloud. It can very much be argued that companies in this category can make the move to the cloud more easily than their more established counterparts.

brownfield transformation

More mature companies and organizations can face a more complicated time of it however. If they have greater experience, have existing IT assets on their balance sheet and have a range of business processes in place, then they face a trickier journey into the cloud. By being in the “brownfield” category they can’t simply plug into managed cloud services without a transformation journey – they have totransform their existing operations and systems to the new environment.

These companies also have to address the financial equation which centers on those existing assets, while also managing greater levels of fear, uncertainty and risk than their “greenfield” peers. Meaning they are often in the market for a trusted third party who they can partner with and agree on the required Service Level Agreements (SLAs).

changing times for the CIO

Each of these approaches however means a range of challenges for the CIO. In days gone by the CIO needed to have in-depth technical skills and knowledge, and true IT project management expertise – today the CIO needs to be much more commercially and partnership savvy.

Today’s CIO must specialize in partnerships and relationships, SLAs and vendor management – in essence, the CIO has transformed too, from technologists to commercial decision-maker. In addition to far greater commercial know-how in general, today’s CIO needs to be much more marketing aware to leverage the opportunities that social media and mobile cloud apps offer in marketing leverage.

So whether the “greenfield” or “brownfield” approach, the burden when formulating that essential cloud strategy falls on the company CIO and IT department. They no longer have to build, install and operate systems, they need to specify, partner, transition, configure and manage commercial outcomes. The worldwide cloud market is forecast to grow from $40.7 billion in 2011 to $241 billion in 2020, and research regularly places cloud high among CIO priorities.

So a different way of thinking is required, since organizations are no longer just picking products and boxes, they are picking partners and service providers.  The old approach of buying the market leading product vendor to reduce the risk of technical obsolescence no longer applies. CIOs are now charged with helping make corporate IT agile, flexible and relevant to market discontinuities. Cloud computing, as a disruptive technology, was always going to disrupt the CIO’s traditional way of doing things. CIO’s now need to help reduce the risk of business model obsolescence.

The pace of technological change is accelerating and driving business model change. The CIO challenge has moved from technology obsolescence to business model obsolescence if IT cannot support the business model changes.

Gordon

Smart cities will deliver Innovation Centres

“Competition between Cities” has started

Smart city projects are among the most exciting technological initiatives around today and will play a major role in the world’s future growth. Modern technology lets us track and monitor pretty much anything in a major urban environment – noise, light, traffic, weather and so on – and use this data to improve people’s living and working conditions.

Traffic and parking availability is one area of smart city projects that is leveraging new technology to drive real change. New technology is emerging all the time that lets us manipulate networks more finely, taking advantage of more sensors, more cameras and more real-time data to improve road traffic.

Recent research showed that the average UK motorist spends over 2,500 hours in their lifetime driving around looking for car parking spacesThat’s an enormous 106 days – and in a hectic, built-up city like London, it takes an average of 20 minutes to find a parking space. Other statistics show that up to 30 per cent of city traffic is created by people driving around looking for an available parking space.

With population and vehicle figures always rising, it is hard to see these numbers falling without any kind of intervention. The UN estimates that by 2050 the world’s population will reach 9 billion people, the majority of this growth taking place in cities. This means urban populations will have grown to 6.3 billion by 2050, more than double the 2.8 billion living in cities today. So with all those extra people on the roads, tracking and controlling car and general traffic movements in a more intelligent, detailed way, will become vital.

Taming the beast

Technology provides the tools to make managing this ever-increasing traffic a reality. There are three key elements to dealing with this urban traffic as we move forward – identifying the problem, keeping road users informed and deploying smart mechanisms to keep traffic flowing. Addressing these lets us approach the issue progressively and practically.

Data monitoring and communicating with end-user mobile device apps is already part of modern urban living. We can receive the latest overground and subway train information direct to our smartphones when commuting, helping make the journey to work less of a hassle. Regarding traffic flow, one of the most interesting developments I have seen more of recently was in a “smart car park”, where sensors detect whether or not a car is parked in a particular spot and communicate that to drivers who have just arrived, telling them where available parking spaces with visual indicators of red and green lights – again saving time and keeping traffic flowing.

This model would work in a major city too. Smart cities already have technology in place to install a ‘mesh’ over the whole urban environment, with sensors installed to transmit real-time traffic data across the network. Sensors placed on buildings and on kerbsides could determine whether or not there is a car parked in a space and communicate this information to smartphone users – it could even bring Satellite Navigation and mapping technology into the mix to deliver true, real-time parking information to drivers. Drivers could save both time and frustration – forewarned is forearmed.

Powering the cities of the future

Faster mobile networks are at the heart of smart cities and are enabling people to do more on the move. As networks offer more cloud-based services and storage, this in turn leads to richer content and apps being available to end-users, which both informs and is informed by ever-smarter mobile devices.Smarter devices, faster networks and the cloud becoming ubiquitous all combine to power greater consumption of digital content – in short, users want more data all the time and want it now.

The Internet of Things (IoT) will also play a key role in smart city development. The sheer weight of Big Data generated by the IoT will impact everywhere, particularly on things like traffic flow – town planners will be able to gather the data, analyse it and use it to tailor future policy and projects.

The changing nature of the city as we know it

As smart cities get smarter we’ll be able to introduce new, joined-up services, based on gathering data through sensors and delivering it to smart devices to make life easier for both citizens and administrations. As well as projects like smart traffic management there are other knock-on benefits to be had – for example, parking space sensors could also be used to detect street temperatures in real-time, and tell municipalities whether they need to send out snow ploughs today.

Smart cities are very much about making yesterday’s dreams today’s reality. Back in the mid-twentieth century there was much talk of traffic jams and urban congestion being eliminated in the future. Technology has helped change the very nature of a city and encourage investment in smart cities as a result. Cities began life as religious centers which in time became defence centres and subsequently market centres and industrial centers. In the information era, cities will evolve to become innovation centres, and as economic competition becomes more about competition between cities rather  than just countries, having high levels of innovation and skilled people will be key. The smarter the city, the higher its innovation levels and the better equipped it will be to compete in the economic marketplace.

Gordon

Business Applications as a Service (BAaaS)

Moving business apps into the cloud carries big benefits

The rise and rise of the as-a-Service (XaaS) model continues. The various models based around the XaaS approach are all forecast to continue growing rapidly as organizations go on taking advantage of the increased flexibility, lower CAPEX and on-demand nature of the service. Gartner predicts that Infrastructure-as-a-Service (IaaS) will grow at a CAGR of 41.3 per cent through 2016, while Platform-as-a-Service (PaaS) will hit 27.7 per cent CAGR in the same period. The Software-as-a-Service (SaaS) market will grow at 19.5 per cent CAGR in that time too, demonstrating how significant the cloud delivery of IT services has become.

XaaS is about making life easier for the customer while giving the provider greater flexibility. Where previously software licenses were bought and long-term contracts entered into, today organizations want and need to be more agile. Utilizing IT services on-demand means that businesses can deploy services as needed, quickly, securely and cost-effectively, and the cloud has enabled this change in mentality. It has helped to create a more business-centric IT culture, where companies and organizations really do get to have IT on their own terms.

Beyond software and infrastructure

As every mobile user knows, this is the era of the app. Cloud delivery of our favourite films, music, games, magazines and books direct to our smartphones or tablets is now entirely second nature, and it has almost become hard to remember the world before it. So just as we source our personal apps on demand from the cloud, doesn’t it now make sense that we do the same thing with business applications?

Business Applications as a Service (BAaaS) is well set to become the next big thing in app delivery this year. As companies continue needing to cut costs wherever possible, shifting certain business applications into the cloud and utilizing them on an on-demand basis helps to remove the CAPEX typically involved in purchasing business services, and also reduces OPEX as you go along. Companies today often find that processes and requirements change on a continuous basis, meaning purchasing business applications outright can become a zero-sum game or even a loss-maker. Organization and end-user needs are always evolving, and new functionality is often required at short notice.

So just as Software as a Service began life delivering business applications like Enterprise Resource Planning (ERP), Customer Relationship Management (CRM) and Human Resource Management (HRM) tools on demand and via the cloud, so the BAaaS model will evolve to deliver other key applications like Business Intelligence (BI), security tools, plant control and business premises management apps – it’s the next logical step in this technology shift.

Why so popular?

In addition to the OPEX and CAPEX benefits, BAaaS tools can be used from any device, whenever and wherever the end-user wants. With so many personal apps delivered through the cloud to mobile devices today, end-users are perfectly familiar using the internet to get the apps they need. So there is no reason why this should not extend to the workplace. There’s also a shorter learning curve to be had because of this end-user familiarity.

Delivering business apps in this way also makes the upgrade process far easier. Organizations work with their BAaaS partner to establish the terms of engagement, the BAaaS partner then takes care of all updates and upgrades to apps. No additional hardware, software or capacity upgrades are required, even when scaling up the user base. It is a model of simplicity.

The changing nature of the CIO

The BAaaS shift also has major implications for the CIO and the IT department. With the role of the CIO changing into that of a business-critical one, the benefits of BAaaS can help make the transition simpler. With budgets remaining tight, the pressure is on the CIO to do more with less – their focus must become more strategic and they have to deliver commercially impactful initiatives – by being innovative, agile and prepared to adopt new technologies.

Every stakeholder today expects more. They expect more apps delivered more quickly and more reliably, wherever they are, while ensuring that the network remains more secure. This means customers, partners, employees, fellow C-level executives – the modern CIO now has a very different role. The IT department has become both the engine room of a company and also a business unit in itself which must innovate, think strategically and drive the organization forward. BAaaS is the latest cloud service which can help make the CIO’s mission easier and more relevant.

Gordon

Devices, Devices, Devices everywhere – it’s time for next generation “Mobile Device Management as a Service”

As mobile devices continue to increase in both variety and number, it seems to me it is a good time to revisit mobile device management (MDM) strategy. MDM has been around since mobile devices came to the fore, but because of the rapidly changing nature of the mobile landscape, it has had a hard time keeping pace.

A quick definition; MDM policy and tools secure, monitor and manage mobile devices throughout organizations and across various platforms, networks and operators. However as mobile devices have become ubiquitous, both at enterprise and consumer level, there has come a need for MDM to evolve too, to offer greater control and confidence to organizations without compromising all the benefits of the modern mobile user experience.

So what is it that has changed the landscape the most? Well, quite simply, it is the sheer number of devices. The mobile experience is no longer simply about a phone – it’s now smartphones of numerous types and operating systems, tabletsphabletsultrabooks, wearable technology and much more besides. This is the new ‘mobile’, this is now how big mobile is. Over two-thirds of people say they use personal mobile devices in the workplace today. This is what MDM has to cope with.

more devices, more data, more risks

So as mobility takes hold in the enterprise, and more and more critical or sensitive corporate data is at risk of being transported into the public domain by accident or design, the need for a comprehensive MDM approach becomes essential. Global companies want to design and implement global security policies that keep their data as free from threat as possible, but how do you achieve this in the face of such massive mobile device proliferation?

The threats are clear. While it is not really all that long ago that malware, Trojan horses and viruses were considered the chief menace to corporate data, mobility has today brought with it a whole raft of new, more subtle, dangers. Lost or stolen mobile devices and insecure communications now rank high on the list of information security professionals’ worries, and without the right tools and policies in place can be more damaging. Organizations can only realistically secure and control the threats that they know about – mobile devices in the workplace are more difficult to track and maintain in the enterprise environment than inward-bound attacks.

So the main threat is as simple as staff members using their personal devices to access corporate data – with or without their knowledge or intent – and then taking it outside the network. The traditional walled garden is now so compromised as to be obsolete. Nine out of ten executives recently confessed to accessing corporate data on their own mobiles – so how do organizations deal with this fast-growing problem?

everything needs to be managed

Everything is mobile and everything needs to be managed. This is the premise from which to start. Smartphones, tablets and phablets in the workplace, ultrabooks as replacements for traditional laptops, and while not so common just yet, smartwatches and other wearable technology like Google Glass will soon enter the workplace and fall under the remit of the IT department. So an organization’s MDM strategy needs to be robustwide-reaching and most of all progressive – it needs to be able to grow with the rapidly changing landscape.

Furthermore, the rise of the Internet of Things (IoT) and its accompanying machine-to-machine (M2M) communications will also play a part. The IoT means yet more mobile devices, all communicating over the network and all in need of management. The connected car is now a reality and gives mobile employees a new workplace, while other M2M devices that can also store data will need to be managed. So organizations need to address all of these developments, both cost-effectively and efficiently.

on-premise or in the cloud?

Traditionally, MDM policy forming and implementation would be done at ground level, on-premises, so that the IT department could be involved in each step of the process. However, a comprehensive MDM strategy has many bases to cover, and with more mobile devices than ever entering the corporate environment, even the most efficient IT department could find itself stretched too thin. There is basic encryption of devices required, protection against data breach should a device be stolen or lost. Corporate app stores are gaining popularity as a means of controlling the applications that users can install on devices, but more devices with more operating systems again means more complexity here.

So in the event that in-house resources are insufficient to cover MDM on premises, we turn again to the cloud. The benefits to enterprise of cloud-based solutions are well-documented, but when it comes to MDM, the cloud model brings with it the big benefit of lower set-up fees – CAPEX – but also lower ongoing OPEX as well. Cloud-based MDM – or in fact as it is becoming known, MDM as a Service – can give organizations scalable mobile device management on-demand, so they can use it as much or as little as they need to. As mobile devices continue to evolve and end-users continue to lap them up, the flexible MDM in the cloud solution, provided by a specialist partner, looks like offering a highly desirable way ahead.

Original Publication  

 

Taming the multichannel customer service monster

Today’s consumer is a much more expectant, much more demanding beast than in times gone by – and the reason for this is technology. The consumerization of IT and mobility have combined to give people a level of control and power over their activities that they’ve never previously been able to enjoy. And one of the by-products of this has been an increased expectancy of customer service quality.

The modern customer – and indeed the modern company – today has more ways of communicating available to them than ever. We have the traditional telephone network for voice calls, but we also have SMS messages and multiple online tools such as email, web forms, chat, instant messengers and social media applications. A common consumer perception is that voice never really gets you very far – and be honest, nobody in the world actually enjoys sitting on hold listening to irritating music and product pitches – so companies have had to start thinking differently.

This means utilizing all those other communications tools in an effective way – and it is a tricky balancing act to get right. Apps are increasingly becoming the way that end-users interact and so they expect their customer service to come their way on their terms. The challenge of delivering a multi-channel customer experience, a genuinely fully-integrated, seamless customer service, is a big one.

the journey’s destination – the fully integrated, seamless customer service

So with customers expecting and demanding better service and more personal attention, why, in this multi-channel environment, isn’t it being delivered?  The opportunity to provide a genuine cross-channel customer experience is there, and it has never been more important to retain good customers and attract new ones through a strong brand and reputation for high quality service.

In a highly competitive world, organizations are focused on product innovation, why are they not taking the next step to think to roll out an integrated customer service suite at the same time?

The figures are pretty convincing in favor of offering an enhanced customer service experience. 86% of consumers say they are prepared to pay more for a better customer experience, while just 1% says companies consistently meet their expectations. Poor customer experience is the biggest cause of customer churn, with 89% of people admitting that they are happy to switch to a competitor due to poor customer experience.

This is the mobile age and companies are faced with a generation of end-users who have no real concept of things like fixed-line phones and sitting on hold waiting for the next available agent. They want their interaction in real time, the same way they have it with friends, family and peers online. When 50% of smartphone users say they would prefer to use a mobile customer service application to try and resolve a customer service problem before picking up the phone and calling the contact center, you know that there is both an issue and an opportunity here.

the way ahead – the Cloud and analytics

40% of organizations have stated that ‘complexity’ is the biggest challenge to their deploying enhanced, multichannel customer service offerings – it used to be ‘organizational structure’ – but cloud computing is helping to make a seamless contact center and customer service operation a more achievable reality. Business intelligence and analytics tools allow organizations to both track and monitor customer datato improve their experience, while the Cloud also enables social media engagement in real time like never before.

The cloud makes it easier than ever to bring the right customer service people together with the right customers, on the customer’s terms. The ability to include customer service processes and systems within the cloud enables more tools – organizations can communicate via Twitter, Facebook and other social apps – but it must be integrated, or risk giving the customer further frustration.

The future of customer service is undoubtedly in the cloud, and intelligent analytics will enable organizations to keep their offering fresh and their customers content. These analytics are particularly useful for government bodies and companies in the financial, health and insurance industries, all of which are subject to regulatory changes and challenges.

70% of businesses plan to include social media as part of their customer service offering by mid-2014, while 55% of customers expect customer service via social media. Customers who engage and interact with companies via social media spend 20 to 40% more with those companies than other customers. The proof points are becoming undeniable, the need for a joined-up customer service provision across multiple platforms and channels indisputable, and it is the cloud which will deliver this.

Original Publication

 

Private life in the Cloud

We live in a world of cyber security threats: hackers breaching organisational firewalls, Wikileaks publishing private state documents, and employers tracking cyber activity for productivity sakes.  Privacy, in relation to digital data, is a hazy topic.

The internet alone is increasingly being used as a medium to collect information for consumer profiling. According to Nielsen’s 2013 Australian Online Consumer report, 17.2 million Australians accessed the internet in the month of July and spent an average of 38 hours online across 60 sessions.

As more and more Australians surf the internet, check their mail, shop online, apply for jobs, or simply socialise with friends, they are leaving a trail of digital data that for some people is a gold mine. This includes email services like Gmail, file storage services like Dropbox, photo galleries like Flickr, and the list goes on. And this is not just on PC’s: laptops, smart phones, tablets, and televisions with internet capability all leave a cyber-trail.

When March 2014 hits, easy access to digital data will no longer be the case. Australia is about to get tougher on its privacy laws: effective March 2014, the 2012 Privacy Amendment Act will require that all Australian organisations, regardless of size and industry, implement open and transparent policies for managing personal data. This may seem simple, but it opens a crevasse of questions: how did you obtain this person’s contact details? Were you transparent in your original address? How are you storing these details? What is the purpose of collecting personal details? Are you sharing them amongst your organisation or more broadly?

These questions relate not only to your employees, but to everyone your organisation interacts with: stakeholders, customers, past employees, marketing databases….and the list goes on.

With the clock ticking, there is less than a year remaining until privacy is changed forever. Yet the implication of privacy is rarely discussed.  The question is: are businesses prepared? The answer is, more likely than not, no. If personal data is not adequately handled, organisations may be liable and can be imposed with fines of up to $1.7 million for an organisation and $ 370,000 for an individual.

As the generation of digital data continues to grow exponentially, it provides challenges for corporates to correctly manage, store and secure it. The pressure is on and the onus is on all companies to evaluate:
– Who ‘’owns’’ the privacy realm within their organisation?
– When was the last time an organisation reviewed their privacy policy?
– And if they have the necessary approvals to use third party data?

Achieving data privacy is a challenge for all organisations and the amount of work that needs to be done should not be underestimated. There is no time like the present to consider how to manage risk involved– what is lacking, what policies need to be put in place, and what needs to change.

1) Conduct a Privacy audit
Organisations need to implement a privacy audit which evaluates the type of sensitive information held by an organisation. This sensitive information can refer to employees’ personal details such as their tax file number or Medicare number and includes whether or not you have the rights to audit and access information, as well as the timely return of information when an agreement ends.  Analyse each aspect of this process which includes the collection, retention, use, and disclosure of personal information and determine risk levels. In cases where an organisation uses a cloud provider, it is important to understand who the stakeholders are, what their roles and responsibilities include, and where data is located and replicated.

Ask yourself: is third party data simply stored or is it being mined for advertising and marketing purposes?

2) Data protection and privacy impact strategy
Develop a comprehensive data protection and privacy strategy which focuses on integrating data protection and privacy processes while sustaining efficiency and long-term growth objectives. An organisation’s privacy strategy needs to be integrated with the overall risk and project management framework. It is also equally important for organisations to update their privacy policy regularly and seek input from legal advisors with specific knowledge regarding privacy laws where needed.

Ask yourself: what happens in the event of a data breach?

3) Create privacy policies and procedures 
Develop policies and procedures that clearly state the importance of protecting sensitive information stored in-house or in the cloud which complies with the requirements of the Australian Privacy Principles (APPs).  An organisation needs to take measureable steps to protect the personal information it holds from misuse. This includes mechanisms to protect and manage the information, including disaster recovery processes to protect against data loss. An organisation’s legal advisor needs to fully understand the nature of both the cloud and privacy requirements and should be able to tailor the legal protections in your agreement.

Ask yourself: what are the privacy policies that your organisation needs? Understand your key areas of weakness so you can develop a plan to protect data.

4) Ensure accuracy and transparency of all personal information held 
Personal information collected by an organisation needs to be accurate, complete, and up to date. Customers should have access to their information and make corrections if required. For instance, if an organisation holds a database which records the phone number and address of its customers, a process needs to be put in place which allows customers to change or update their details.

Ask yourself: when was the last time you updated your customer database?

5) Appoint a policy offer and train employees to mitigate security risks
Monitoring employees to ensure that privacy policies are applied will be very hard to manage on a daily basis. Transferring knowledge to your employees will identify weakness and help mitigate security risks. This is no simple task. Look at appointing a policy officer that trains employees and regularly monitors content and activity to prevent any violation.

Ask yourself: is it worthwhile hiring a policy officer to ensure that a breach does not occur?

But this is just the beginning. Let’s throw a spanner in the works.
Consider all of these advances in the context of data stored in cloud. The list of considerations and concerns gets infinitely bigger. There are different approaches to how privacy is interpreted when it comes to data stored in the cloud space. The following is a general starting point, but not specific advice, as individual circumstances vary and need to be looked at in more detail.

– The Infrastructure as a Service (IaaS) model, where the service provider is responsible for housing customer information and is not involved in any handling or processing of personal information. In this case all obligations to privacy are held with the customer.

– Software as a Service (SaaS) model, where the service provider is responsible and plays an active role in handling and managing customer’s personal information. In such cases, the service provider needs to obtain consent from the customer to hold and or use this information.

– Platform as a Service (PaaS) model, where the service provider delivers tools to enable customers to deploy applications. The service delivery model means that customers need to use best practices and privacy–friendly tools.

Privacy remains a critical component for Australians doing business or simply engaging online. We are entering a challenging new era as tougher privacy laws come into effect. While some Australian companies have already initiated the ground work, others have simply turned a blind eye.

Business owners who want to mitigate risks without sacrificing their ability to do business need to start addressing where they currently stand in relation to digital privacy. Assessing the business structure now will identify strengths and weaknesses, and set the wheels in motion for the new privacy approach.

Original Publication